Live Updates released for Symantec Security Information Manager (SSIM) Collectors - June and July 2013

Article ID: 158291

Products

Security Information Manager

Issue/Introduction

You would like to review which SSIM Collector LiveUpdate packages were released in June and July 2013.

Note: You must update your Java LiveUpdate to Java LiveUpdate v3.7.7 or later before downloading Live Updates for Collectors.

Note: If using LiveUpdate Administrator, you must update to LUA 2.3.2 or newer to download SSIM v5.0 and newer collector Live Updates.

Resolution

LiveUpdates have been released for collectors in June and July 2013

Overview
Symantec has released collector LiveUpdate packages for the following collectors and sensors.

This release contains updates to the following collectors, divided into two categories:
  1. LiveUpdates released for defect fixes only:
  • Symantec Event Collector 4.4 for Forescout Counteract
    • Fixed: added support for more logging choices
  • Symantec Event Collector 4.4 for Fortinet
    • Fixed: Fortinet collector mapping for intrusion Outcome ID incorrect (status=dropped)
  • Symantec Event Collector 4.3 for ISS Siteprotector
    • Fixed: java.lang.StringIndexOutOfBoundsException: String index out of range
  • Symantec Event Collector 5.0 for Fortinet Services
    • Fixed: Fortinet collector mapping for intrusion Outcome ID incorrect (status=dropped)
  • Symantec Event Collector 4.3 for McAfee EPO v4
    • Fixed: Not mapping signature name when present in raw event
  • Symantec Event Collector 4.3 for Microsoft IIS
    • Fixed: Server outbound bytes field too small for large file downloads
  • Symantec Event Collector 5.0 Management Event Collector
    • Fixed: Events were truncated if they contained a white space character
  • Symantec Event Collector 5.0 for Palo Alto Firewall
    • Fixed: Cannot convert the IP address "" to numeric value:
  • Symantec Event Collector 5.0 for Palo Alto NG Firewall
    • Fixed: Source Assignment for Network Malware
  • Symantec Event Collector for Sourcefire
    • Fixed: Sourcefire ipv6 collector detection engine name inconsistently parsed
  • Symantec Event Collector 4.3 for Symantec Endpoint
    • Fixed: Transaction (Process ID) was deadlocked on lock resources with another process and has been chosen as the deadlock victim
  • Symantec Event Collector 5.0 for Symantec Endpoint State
    • Fixed: Collector not correctly mapping SONAR events
    • Fixed: Collecting duplicate events for AgentSystemLogQuery only
    • Fixed: Snapshot takes too long to complete
    • Added: Option for SEP State collector to only collect latest scan
    • Fixed: current_ver_date contained null for some events
    • Fixed: Event description populated with null for some events
  • Symantec Event Collector 5.0 for Unix Syslog
    • Fixed: Incorrect population of User Name and Target Resource
    • Fixed: Invalid source hostname
    • Changed: Format change for "password change" event
    • Fixed: "GID changed for user" event is not captured; the event is filtered out by the Catch-All filter
    • Changed: Format change for "User Name Changed" event
    • Changed: Format change for "Unknown User" event
    • Changed: Format change for "User Name Changed in Group" event
    • Fixed: logging_device_ip and logging_device_name populated incorrectly
    • Fixed: Some events translated as SSHCatchAll are now translated properly
    • And other fixes for this collector
  • Symantec Event Collector 4.4 for VMWare vSphere
    • Fixed: Update System Events with "Connection Rejected" (512001) event_id
    • Fixed: Update Event Class of Remote Console Event
    • Fixed: Task Information mapped to an Indexed field
  • Symantec Log File Sensor 2.21-2.44 upgraded to 2.45
  2. LiveUpdates have also been released to support new versions of end point products:
  • Symantec Event Collector 4.3 for Apache WS (support added for v2.4)
  • Symantec Event Collector 4.4 for Cisco ASA (support added for v9.1)
  • Symantec Event Collector 4.4 for Cisco IPS (support added for v7.1(7) E4)
  • Symantec Event Collector 5.0 for Juniper SRX (support added for v12.1 R3.5)
  • Symantec Event Collector 4.3 for McAfee EPO (support added for v5.0)
  • Symantec Event Collector 5.0 for McAfee Intrushield (support added for v7.5)
  • Symantec Event Collector 4.4 for Oracle DB (support added for v11gR2)
  • Symantec Event Collector 5.0 for Palo Alto NGFW (support added for v5.0.4)
  • Symantec Event Collector 4.3 for Snare for Windows (support added for v4.0.1.2a)
  • Symantec Event Collector 5.0 for Sophos Enterprise Console (support added for v10.x)
  • Symantec Event Collector 5.0 for Sourcefire Snort Unified2 (support added for v2.9.4)
  • Symantec Event Collector 5.0 for Symantec Endpoint (support added for v12.1RU3)
  • Symantec Event Collector 5.0 for Symantec DLP (support added for v11.6)
  • Symantec Event Collector 5.0 for Sourcefire eStreamer (support added for v5.1.1)
  • Symantec Event Collector 5.0 for Websense WebSecurity (support added for v7.6.2/3)